Overview

overview

10

Static

static

1

mal.lnk

windows7-x64

10

mal.lnk

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    53ea99f463412c04f4e1f8116c6b7b76132f44600511e36b702855c1dfefcb98.7z

  • Size

    4.5MB

  • Sample

    240228-tlmjjafh3s

  • MD5

    05a891e290ee4c789de8a8f51321489e

  • SHA1

    0eda89ce30f45f77eecc967ed71128bbb4666c37

  • SHA256

    53ea99f463412c04f4e1f8116c6b7b76132f44600511e36b702855c1dfefcb98

  • SHA512

    e8f3ab93b746823ec226a45e047770d10dac91713a5a2a33c6fc8dba75922b4ff81afe13bf0e6e60eb780c5bf23662c2e0f833add92c3610a2daebe5aabbfb55

  • SSDEEP

    12288:SIE7vcNfu6Unvjb71lewzSxk5iDTHxeZhtkzYLLXUHZEXGKD:SIEYNW6Uvjv64H5iPAZMULbAZEXxD

Score
10/10
rokratrat

Malware Config

Targets

    • Target

      mal.lnk

    • Size

      221.4MB

    • MD5

      5f6682ad9da4590cba106e2f1a8cbe26

    • SHA1

      7043c7c101532df47c832ce5270745dd3d1e8c08

    • SHA256

      dbd5d662cc53d4b91cf7da9979cdffd1b4f702323bb9ec4114371bc6f4f0d4a6

    • SHA512

      e744d1b0cf232c4cf224cd1413b13e41889692e2d1f29e948fe8d4a5cb1304bca9a7b5de9c34db98c8eb7440761d5233bc5ac6a4fe75de2d4009a06f318c1d35

    • SSDEEP

      24576:P0sde6UvoEkUnigRXTTYdy830QtO0oIJjW7sFAc1Mh5l2yf:Mz6UvRXigjbaJa7f2yf

    Score
    10/10
    rokratrat

    • Detect Rokrat payload

    • Rokrat

      Rokrat is a remote access trojan written in c++.

      ratrokrat

    • Blocklisted process makes network request

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks